#2487 closed task (invalid)

List of TLS 1.2 and TLS 1.3 extensions supported by nginx

Reported by: Preetham777@… Owned by:
Priority: trivial Milestone:
Component: documentation Version: 1.22.x
Keywords: TLS extensions Cc:
uname -a: Linux rocky8
nginx -V: bash-4.4# nginx -V
nginx version: nginx/1.22.1
built by gcc 8.5.0 20210514 (Red Hat 8.5.0-16) (GCC)
built with OpenSSL 1.1.1k FIPS 25 Mar 2021
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module --with-http_auth_request_module --with-http_degradation_module --add-dynamic-module=./3rd_party/njs-master/nginx --with-threads --with-stream --with-stream_ssl_module --with-file-aio --with-pcre-jit --without-pcre2 --with-mail --with-mail_ssl_module --with-http_drain_module --with-http_slice_module --with-http_v2_module --with-http_random_index_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_secure_link_module --with-http_xslt_module --with-http_geoip_module --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_preread_module --without-http_autoindex_module --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/wsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --add-module=./3rd_party/nginx_upstream_check_module --add-module=./3rd_party/nginx-sticky-module --add-module=./3rd_party/nginx-module-sts-master --add-module=./3rd_party/nginx-module-stream-sts-master --add-module=./3rd_party/nginx-module-vts-master --add-module=./3rd_party/ngx_devel_kit-0.3.0 --add-module=./3rd_party/lua-nginx-module-0.10.19 --add-module=./3rd_party/echo-nginx-module-master --add-module=./3rd_party/headers-more-nginx-module-master --add-module=./3rd_party/lua-upstream-nginx-module-master --add-module=./3rd_party/stream-lua-nginx-module-0.0.9 --add-module=./3rd_party/ngx_http_proxy_connect_module-master --add-module=./3rd_party/nginx_cookie_flag_module-master --add-module=./3rd_party/nginx_ajp_module-0.3.2 --add-module=./3rd_party/set-misc-nginx-module-0.32 --add-module=./3rd_party/ngx_http_substitutions_filter_module-master --add-dynamic-module=./3rd_party/ModSecurity-nginx-1.0.3 --with-ld-opt=-Wl,-rpath

Description (last modified by Preetham777@…)

Hi Team, wanted to get the list of TLS 1.2 and TLS 1.3 extensions that is being currently supported by nginx (version >=1.22.x).
Specifically looking for the below extensions.

TLS 1.2

| signed_certificate_timestamp, or sct (0x0012) | [RFC6962] |
| encrypt_then_mac (0x0016) | [RFC7366] |
| status_request (0x0005) | [RFC6066] |
| use_srtp (0x000E) | [RFC5764] |
| padding (0x0015) | [RFC7685] |
| record_size_limit (0x001C) | [RFC8449] |
| trusted_ca_keys (0x0003) | [RFC6066] |
| user_mapping (0x0006) | [RFC4681] |
| srp (0x000C) | [RFC5054] |
| status_request_v2 (0x0011) | [RFC6961] |
| session_ticket (0x0023) | [RFC5077] [RFC8447]|

TLS 1.3

| signed_certificate_timestamp | [RFC6962] |
| status_request (0x0005) | [RFC6066] |
| use_srtp (0x000E) | [RFC5764] |
| padding (0x0015) | [RFC7685] |
| record_size_limit (0x001C) | [RFC8449] |
| pre_shared_key (0x0029) | [RFC8446] |
| psk_key_exchange_modes (0x002D) | [RFC8446] |
| certificate_authorities (0x002F) | [RFC8446] |
| oid_filters (0x0030) | [RFC8446] |
| post_handshake_auth (0x0031) | [RFC8446] |

Change History (2)

comment:1 by Preetham777@…, 19 months ago

Description: modified (diff)

comment:2 by Maxim Dounin, 19 months ago

Resolution: invalid
Status: newclosed

For questions, please use support options available.

Note: See TracTickets for help on using tickets.